Deis v1 to v2 cheatsheet

Warning: those are personal not, can't guarantee they are correct!

alias kd="kubectl --namespace=deis"

Table of Contents

fleetctl list-units
fleetctl list-machines
deisctl install platform
deisctl uninstall platform
deisctl config controller set registrationMode=admin_only
- Method #1
- Method #2
deisctl config router set bodySize=0
etcdctl ls /deis/router
fleetctl ssh
fleetctl ssh deis-builder docker exec -it deis-builder bash
fleetctl journal deis-builder
fleetctl journal -f deis-builder
fleetctl stop deis-builder && fleetctl start deis-builder
Misc UIs

fleetctl list-units

# deis pods
kd get pods
# pods for a given app
kubectl get pods --namespace=appname

Tip: get can usually (always?) be substituted with describe for more verbose output.

List all pods (including non deis related pods --all-namespaces and terminated pods -a):

kubectl get pods --all-namespaces -a

fleetctl list-machines

kubectl get nodes

deisctl install platform

helmc install workflow-v2.2.0

deisctl uninstall platform

helmc uninstall -n deis -y workflow-v2.2.0
# leaves router, registry service and external load balancer intact

Full uninstall:

helmc uninstall -n deis -y workflow-v2.2.0
kubectl delete ns deis

Setup DNS

Get domain name for load balancer:

$ kd describe svc deis-router | grep LoadBalancer
Type:                   LoadBalancer
LoadBalancer Ingress:   abc-123.us-west-1.elb.amazonaws.com

Add following CNAME records in DNS management tool (e.g. Cloudflare):

CNAME  *.d  abc-123.us-west-1.elb.amazonaws.com

Apps should be available at http://app-name.d.your-domain.com

Controller should be available at http://deis.d.your-domain.com (for use with deis register http://deis.d.your-domain.com)

deisctl config controller set registrationMode=admin_only

Method #1

Pro: faster, don't need to reinstall Deis, down time localized to one component Con: configuration not persisted locally and lost if recreating cluster at a later time

kd edit rc deis-controller

Using editor, set REGISTRATION_MODE env variable:

# ...
containers:
  env:
    - name: REGISTRATION_MODE
      value: admin_only
    # ...
# ...

Delete pod to restart it:

$ kd get po | grep deis-controller
deis-controller-lto6v         1/1       Running   1          2h
$ kd delete po deis-controller-lto6v
pod "deis-controller-lto6v" deleted

Method #2

Pro: configuration persisted locally in ~/.helmc/workspace, can re-install platform with previous configuration more easily Con: slower, need to re-install the whole platform

helmc edit workflow-v2.2.0
# or: vim ~/.helmc/workspace/charts/workflow-v2.2.0/tpl/deis-controller-rc.yaml
# edit config files (e.g. tpl/deis-controller-rc.yaml)
# generate manifests
helmc generate -f -x manifests workflow-v2.2.0
# uninstall deis
helmc uninstall -n deis -y workflow-v2.2.0
# install deis
helmc install workflow-v2.2.0

deisctl config router set bodySize=0

helmc edit workflow-v2.2.0
# or
vim ~/.helmc/workspace/charts/workflow-v2.2.0/tpl/deis-router-rc.yaml
# edit, see snippet below

# re-generate manifests
# `-x manifests` speeds up generation?
# `-f` because we already generated once before
helmc generate -f -x manifests workflow-v2.2.0

# uninstall deis platform
helmc uninstall -n deis -y workflow-v2.2.0

# install deis platform using new configuration
helmc install workflow-v2.2.0

Snippet:

apiVersion: v1
kind: ReplicationController
metadata:
  name: deis-router
  # ...
  annotations:
    router.deis.io/nginx.bodySize: "0"
# ...

See https://github.com/deis/router#annotations

etcdctl ls /deis/router

kd edit rc deis-router

fleetctl ssh

kubectl does not have a similar command.

But you can however manually add your nodes in ~/.ssh/config. e.g.:

Host k8s-master
  User admin
  IdentityFile ~/.ssh/kube_aws_rsa
  PubkeyAuthentication yes
  HostName 52.52.11.11

ssh k8s-master

Tip: you can get the IP of the Kubernetes master by running kubectl cluster-info

To ssh to your minion nodes, get their IPs first and create ssh configurations for them.

On AWS, you can use the following command to get the IPs:

$ aws ec2 describe-instances --filters "Name=tag:Role,Values=kubernetes-minion" | grep PublicIpAddress
                    "PublicIpAddress": "54.215.200.1",
                    "PublicIpAddress": "54.215.200.2",
                    "PublicIpAddress": "54.215.200.3",

Create ssh configurations for the minions:

Host k8s-minion-1
  User admin
  IdentityFile ~/.ssh/kube_aws_rsa
  PubkeyAuthentication yes
  HostName 54.215.200.1
Host k8s-minion-2
  # same as above, with HostName 54.215.200.2
Host k8s-minion-3
  # same as above, with HostName 54.215.200.3

fleetctl ssh deis-builder docker exec -it deis-builder bash

# find pod name
$ kd get pods | grep deis-builder
deis-builder-goj0i            1/1       Running   0          45m
$ kd exec -it deis-builder-goj0i bash

fleetctl journal deis-builder

# find pod name
$ kd get pods | grep deis-builder
deis-builder-goj0i            1/1       Running   0          45m
$ kd logs deis-builder-goj0i

fleetctl journal -f deis-builder

# find pod name
$ kd get pods | grep deis-builder
deis-builder-goj0i            1/1       Running   0          45m
$ kd logs -f deis-builder-goj0i

fleetctl stop deis-builder && fleetctl start deis-builder

# find pod name
$ kd get pods | grep deis-builder
deis-builder-goj0i            1/1       Running   0          45m
$ kd delete pod deis-builder-goj0i
# pod will automatically restart

Misc UIs

For actual links, run kubectl cluster-info.

You can get the HTTP basic auth credentials from kubectl config view under - name: <provider>_kubernetes-basic-auth.

You can ignore the SSL error warning if you trust the certificate (todo: how to get rid of warning?).

Kubernetes Dashboard

https://<k8s-master-ip>/ui

Monitoring

https://<k8s-master-ip>/api/v1/proxy/namespaces/kube-system/services/monitoring-grafana/

Logging

https://<k8s-master-ip>/api/v1/proxy/namespaces/kube-system/services/kibana-logging/ (not sure how to use...)

acidtib/deis-v1-to-v2-cheatsheet.md